General Rules: Banking and Finance Transactions

Kuwaiti law of contract and other private law matters which are relevant to banking and finance transactions (such as lending, interest, guarantees, securities, and enforcement) are mostly set out under Decree-Law No 67 of 1980 (as amended) (the “Civil Code”), Decree-Law No 68 of 1980 (as amended) (the “Commercial Code”), and Decree-Law No 38 of 1980 (as amended) (the “Civil and Commercial Procedures Law”). 

Regulatory Regime

Introduction

Law No 32 of 1968 (as amended) (the “CBK Law”) together with the regulations, instructions and/or circulars issued by the Central Bank of Kuwait from time to time (each as amended) (together with the CBK Law, the “CBK Regulations”) defines banking activities as those transactions customarily carried out by banks such as the receipt of deposits, lending, trading in and issuing debt instruments, trading in currencies and metals, extending credit and granting securities. The regulatory entity tasked with overseeing the banking sector is the Central Bank of Kuwait (CBK), and entities subject to its supervision are:

• banks (conventional and Islamic);
• branches of foreign banks in Kuwait;
• financing companies;
• investment companies licensed to carry out lending activities;
• foreign exchange companies;
• credit information companies; and
• fintech activities.

(the “CBK-Regulated Entities”). 

Banks are organised in the form of what is known under the Companies Law (defined below) as a shareholding company (KSC). KSCs are practically joint stock companies. Other than state-owned or specialised banks, and branches of foreign banks, the CBK requires banks to publicly trade their shares. Because of such listing (and the fact that the banks are formed as KSCs), other regulatory frameworks apply. Such frameworks, in addition to banking-specific regulations, regulate listed companies conduct and internal operations (including, for example, the applicable corporate governance rules, disclosure requirements, insiders, and registered persons within the company). In addition to the foregoing, such regulatory frameworks set out the organising principles (and applicable rules and regulations) on a given bank’s transactions. These include:

• the CBK Law;
• Law No 7 of 2010 Regarding the Establishment of the Capital Markets Authority and Regulating Securities Activities (as amended) (the “CMA Law”) and its executive by-laws (as amended) (the “CMA By-laws”) (the CMA Law and CMA By-laws, together the “CML Regime”);
• The rulebook issued by Boursa Kuwait (the Kuwaiti Stock Exchange) (the “Boursa Rulebook”);
• Law No 1 of 2016 (as amended) (the “Companies Law”) and its executive by-laws; and
• Law No 106 of 2013 Regarding Anti-Money Laundering and Terrorist Financing (the “AML Law”) and its executive by-laws.

The CBK Law

The CBK Law outlines the CBK’s broad authority to regulate the banking sector. Similar to central banks in other jurisdictions, the main objective of the CBK is to maintain the stability of the country’s financial system and to regulate all aspects pertaining to the flow of capital into, within, and out of the State of Kuwait (“Kuwait”). This includes overseeing CBK-Regulated Entities in relation to:

• lending/financing activities (including tight regulations concerning the extension of consumer and residential real estate facilities);
• investment activities with respect to banks’ own investment portfolios or investments managed on behalf of clients;
• risk systems, liquidity, and capital adequacy requirements;
• interest rate ceilings and discount rates;
• corporate governance and internal controls; 
• anti-money laundering (AML) and combatting terrorist financing (CFT); and
• acquisition and change of control of shares in CBK-Regulated Entities;     

The CML Regime

The CML Law established the Capital Markets Authority (CMA) which oversees Kuwait’s capital markets and financial services. It complements the CBK’s role in ensuring Kuwait’s overall economic and financial stability, the soundness and agility of its capital markets, as well as protecting investors’ best interests.

The CML Regime is applicable to CBK-Regulated Entities in the context of banks being: (i) KSCs in their corporate form; and/or (ii) carrying out any “securities activities” such as investment management, investment advisory, custodian, subscription agent, or brokerage services (activities that require a license by the CMA). Many CBK-Regulated Entities undertake such securities activities as standard offerings. Therefore, such entities find themselves under the oversight of the CMA.

The CML Regime is a comprehensive regulatory landscape which regulates various activities conducted by CBK-Regulated Entities in addition to setting certain minimum standards. These include the following:

• securities activities and financial services;
• fiduciary duties in favour of clients;
• ethics and conduct of business;
• corporate governance;
• internal controls and risk management systems;
• mergers and acquisitions;
• transparency and disclosure of material information;
• dealing in securities (eg, issuance of shares/rights, bonds, sukuk and other structured instruments);
• listing rules; and
• AML and CFT. 

Boursa Kuwait Rulebook

Boursa Kuwait is the only stock exchange operating in the country. The CML Regime regulates the establishment and licensing of securities’ exchanges. Securities exchanges are then required to set their own rules and regulations (and administrative standards) for securities listed on their exchange. Such rules and regulations require the prior approval of the CMA before taking effect. As at the date of this writing, Boursa Kuwait solely permits the public trading of equity instruments (eg, shares in listed entities) and units in investment funds. However, Boursa Kuwait, the CMA, and the Kuwait Clearing company are embarking on a multi-phase market modernisation project to extend the offerings of other tradable securities such as sukuk, bonds, and derivatives.

The Boursa Kuwait has a rulebook (approved by the CMA and subject to continuous amendments) which regulates:

• trading of securities;
• certain offering and pricing restrictions in relation to block trades (eg, privately negotiated securities transactions);
• the conduct of licensed persons that carry activities adjacent to those of a securities’ exchange (eg, brokerage and custody services);
• duties of integrity, fair dealing, and due care;
• disaster recovery rules;
• listing requirements and market segmentation; and
• the enforcement process with respect to listed securities.

Companies Law

While banks are typically organised as KSCs, other CBK-Regulated Entities may take other forms of corporate entities (such as a “With Limited Liability” company). The Companies Law regulates the cascading rules associated with a chosen corporate form as well as the rules surrounding the structure of its share capital and equity financing rules. Corporate capacity and authority rules, which are key in approving banking and finance transactions, are largely governed under the Companies Law. In addition, the Companies Law outlines general corporate governance rules, external auditing requirements, as well as general corporate housekeeping requirements (such as mandatory annual general meetings for shareholding companies, accounting and audit standards, company reserves, etc). The Ministry of Commerce and Industry (MOCI) is the public authority tasked with overseeing the implementation of the Companies Law and its regulatory framework.

Anti-Money Laundering Law

The AML Law sets out the general and specific anti-money laundering and terrorism financing rules applicable to entities including banks. Please refer to 5. AML/KYC for more information on the applicable compliance regime established by the AML Law. 

Other applicable laws

In light of Kuwait’s acute shortage of housing properties and the drastic inflationary trend of the value of real estate, Kuwait recently enacted Law No 126 of 2023 concerning Combating Vacant Residential Lands Monopoly Law (the “Lands Monopoly Law”). This law contains provisions on the banking sector’s role in the housing market. Further details on this legislation are provided in 2. Authorisation. 

Licensing Requirements for Banks

For a bank to operate in Kuwait, it needs a license from the CBK. This license either relates to establishing a Kuwaiti bank or permitting a foreign bank to set up a branch in the country (noting that CBK regulations apply to all banks operating in Kuwait, whether they are Kuwaiti banks or branches of foreign banks). The CBK licensing regime covers conventional and Islamic banks.

Kuwaiti banks

For a bank to be established in Kuwait it must, according to the CBK Regulations, at a minimum, meet the following requirements:

• take the form of a public shareholding company (with notable exceptions for state-owned or specialised banks (eg, the Industrial Bank of Kuwait);
• have a minimum initial share capital of KWD75,000,000 (and KWD15,000,000 if a conventional bank is establishing, as a subsidiary, a Sharia-compliant bank); and
• submit a feasibility study for the establishment of the bank; for Islamic banks in particular, the founders thereof are required to subscribe in a minimum of 10% of its share capital and are restricted to a maximum 20% at the time of founding.

Branches of foreign banks

Foreign banks applying to establish a branch in Kuwait must capitalise such branch in the minimum amount of KWD15,000,000. Moreover, such applications must accompany a feasibility study justifying setting up the branch in Kuwait.   

Licensing Process

The CBK Regulations do not outline specific steps to be followed for the licensing process of a bank. Article 56(3) of the CBK Law highlights the legislature’s approach in that respect, requiring first an initial application to be submitted to the CBK for a preliminary approval before commencing the incorporation process. The convention in Kuwait, given the lack of specifically outlined steps, is to engage with the CBK through an expression of interest and a series of meetings to agree on the incorporation of a bank. The CBK takes incorporation processes that meet the minimum thresholds set out above on a case-by-case basis before giving its initial approval, following which the standard incorporation rules of the Companies Law would apply for the incorporation.

Kuwait, as at the date of this writing, has 11 banks. Each of these banks (which were established under the then applicable companies’ law) has been established by an Emiri decree under which the establishment of the bank is approved in principle (such Emiri decree was a requirement under the then applicable rules). The CBK then takes over the role of overseeing the licensing process and the fulfilment of the general rules under the CBK Regulations. It is to be noted, however, that under the existing rules the CBK Law does not necessitate the issuance of an Emiri decree as a prerequisite for the establishment of a Kuwaiti bank.

For an indicative timeline of the licensing process, in the example of Warba Bank (the most recently founded Kuwaiti bank), the relevant Emiri decree was issued on 15 September 2009, and Warba Bank was admitted to the register of banks at the CBK on 7 April 2010.

Banking Activities Licensed by the CBK

The CBK Law provides that banking activities are those dealings which are “customarily carried out by banks” including:

• the receipt of deposits;
• lending or financing;
• trading in and issuing debt instruments;
• trading in currencies and metals;
• the provision of credit and securities; and
• any other activities identified as such by the Commercial Code or custom.

All CBK-Regulated Entities are permitted under their respective licenses to carry out some or all of the above banking activities except for credit information companies and electronic payment service providers.

Moreover, the CBK Law recognises the framework within which Islamic banks operate, whereby financing activities must adhere to the rules of Islamic Sharia with respect to the prohibition on usury (ie, charging of interest). While the CBK does not regulate the conformity of the financing activities of Islamic banks to Sharia law per se, it mandates a certain corporate governance function in which an internal Sharia Supervisory Board must bless the compatibility of the financing activities with Sharia law.

Restrictions on Licensed Banks

Banks in Kuwait are expressly prohibited under the CBK Law from:

• engaging in any non-banking-related commercial or industrial activities;
• purchasing or owning real estate except (i) for operational purposes; (ii) when real estate properties are acquired through the enforcement of debt or a security (provided that such real estate property is sold within three years from said acquisition); or (iii) in relation to Islamic banks, as part of the transactional process of a Sharia-compliant financing model (eg, a Murabaha or a Mudharaba financing);
• owning or dealing in bank’s own shares except as permitted by the CBK Regulations;
• owning beyond 50% of the share capital of a commercial company except as permitted by the CBK; and
• in respect of shares acquired by way of enforcement of debt or security, banks may not hold such shares for more than two years.

Restrictions applicable on consumer loans

The extension of consumer loans (ie, loans made to natural persons for non-commercial purposes) by Kuwaiti banks is tightly regulated by the CBK. Consumer loan facilities are capped and categorised as either (i) “personal loans” which are repayable within a period not exceeding five years and whose value may not surpass 25 times the monthly income of the consumer, subject to a maximum of KWD25,000; or (ii) “housing loans” which are repayable within a maximum period of 15 years and their monetary limit may not exceed KWD70,000.

Moreover, banks may not deduct consumer loan instalments beyond 40% of the monthly income of a consumer (or 30% for a retired consumer) nor may they extend a new loan if the total instalments for all outstanding loans (for which the consumer is liable) would exceed these limits.

Lastly, the interest rate ceiling applicable on consumer loans may not exceed 3% over the discount rate declared by the CBK. For consumer loans, interest rates may only be fixed (ie, not floating). Such fixed rates must last for a minimum of five years, after which, the interest rate may be reviewable by the bank in line with the published CBK rate, provided that such a change must be within a plus or minus 2% of the preceding contractual interest rate.

Restrictions regarding banks’ role in the housing market

The Lands Monopoly Law regulates the banking sector’s role in the housing market, whereby banks are expressly prohibited from dealing with, selling, purchasing, mortgaging, receiving or assigning rights, or disposing of in whatsoever way, whether for themselves or on behalf of other persons, any housing property. This prohibition does not cover transactions or properties owned prior to the promulgation of the Lands Monopoly Law. The legislation, however, permits banks to finance residential real estate in a limited context where the recipient of the financing is a Kuwaiti natural person who does not own residential property.   

Common Ancillary Activities

It is customary for many CBK-Regulated Entities to carry out “securities activities”, such as investment management, investment advisory, custodian, subscription agent, or brokerage services. These activities are licensed and regulated by the CMA. 

Overview of the Regulatory Authorities

The process of acquiring or increasing control of a bank is subject to stringent regulatory oversight to ensure financial stability, transparency, and competition in the market. The process is governed by three primary authorities, each with a distinct role in regulating and approving certain activities and transactions. These authorities are the CBK, CMA, and the Competition Protection Agency (CPA). In addition, certain regulatory requirements under the Boursa Kuwait Rulebook are applicable.

Requirements Governing Changes in Control

When seeking to acquire or increase control of a company in Kuwait, it is essential to understand the regulatory framework governing “Control” and “Effective Control”, as defined under the CMA By-laws. Control is established by holding 30% or more of a listed company’s tradable shares. However, Effective Control may also arise through arrangements that enable a party to appoint most board members or influence decisions made by the company’s general assembly. The CMA applies the same regulatory scrutiny to such arrangements as it does to direct ownership. The following requirements must be satisfied when pursuing control:

CBK requirements

As the primary banking regulator, the CBK plays a crucial role in overseeing acquisitions that could alter the control structure of any bank.

• Approval for ownership changes: According to Article 57 of the CBK Law, any individual or entity intending to acquire more than 5% of a bank’s capital must obtain prior approval from the CBK. 
• Feasibility study: The CBK mandates that a feasibility study be conducted by a specialised, independent financial institution with the necessary expertise (in practice, applicants appoint a CMA-licensed investment adviser to ensure simultaneous compliance with CBK and CMA rules) before approving any bank merger or acquisition. This study must assess whether the acquisition will contribute to the long-term financial health and stability of the bank. For cross-border acquisitions, the study must also address compliance with foreign regulatory standards and any potential risks related to the operation of subsidiaries abroad.
• Regulatory co-ordination between CBK and CMA: Effectively, the core of the regulatory approvals’ process of a change of control concerning a CBK-Regulated Entity lies with the CBK. This co-ordination surrounding potential regulatory overlap is the subject of a Memorandum of Understanding between the CBK and CMA dated 17 of January 2018 (MOU). For example, the MOU states that the process of approving change of control should start at the CBK where the bulk of regulatory assessments, especially with respect to the market impact of any potential transaction, is carried out. The CMA’s role in this instance would be a minimal “desktop” review to ensure compliance with the form of the law (after the substantive analysis by the CBK).
• Additional regulatory framework: Recently, the CBK has been proactive in setting additional guidelines with respect to regulating acquisitions or mergers. These guidelines are to a large extent bespoke and structured on a case-by-case basis. For example, in the recent merger of Kuwait Finance House and Ahli United Bank of Kuwait, the CBK devised tailored guidelines to control the merger process and milestones given the transaction’s size and the systemic impact on the local banking system.

CMA requirements

Mergers and acquisitions involving CMA-Regulated Entities require prior approval and must comply with transparency and disclosure obligations outlined in Module 9 of the CMA By-laws. While both mergers and acquisitions involve changes in ownership and control, they differ in structure and purpose.

Acquisitions typically involve one entity purchasing a controlling interest in another. They vary based on key factors such as whether the offer is mandatory or voluntary, competitive or non-competitive, and whether the consideration is in cash or non-cash form. Some acquisitions, such as reverse acquisitions, introduce additional procedural requirements due to their complex structure.

In contrast, mergers focus on the unification of companies into a single entity. In Kuwait, bank mergers take several forms, each governed by the Companies Law and the CML Regime: (i) amalgamation, where one company absorbs another, assuming all its assets and liabilities; (ii) combination, where two or more companies merge to create a new entity, dissolving the originals; and (iii) division and amalgamation, where a company’s assets and liabilities are split and transferred to existing entities.

Acquisitions Under CMA Compliance Requirements

Mandatory offers and creeping rules

CMA By-laws introduce rules governing the incremental acquisition of shares in publicly listed companies, also known as “creeping rules”. These rules delineate the thresholds that, when surpassed, trigger mandatory takeover obligations requiring a person surpassing such threshold (save for limited exceptions) to make a mandatory tender offer to acquire the entire shareholding of the listed company (MTO). An investor may acquire up to 30% of a company’s voting shares without having to launch an MTO. Notably, for ownership levels between 30% and 50%, investors are permitted to acquire or dispose of shares within a limit of plus or minus 2% semi-annually without having to launch an MTO. Similarly, for ownership levels between 50% and 100%, the limit is set at plus or minus 5% semi-annually. Investors who have previously made offers to acquire the entire shareholding of a certain listed company (whether by way of an MTO or otherwise) are exempt from the aforementioned creeping rules’ limits and may increase their shareholding in such listed company without restrictions. In addition to disclosure rules applicable to persons with significant interest in listed entities, any investor is required to notify both the CMA and Boursa Kuwait when their interest (whether directly or indirectly) triggers an MTO obligation.

Competitive acquisitions

In scenarios where multiple bidders compete for the same target, competitive acquisitions apply. Any competing offer must be distinct from the original bid and disclosed to the CMA and shareholders at least five days before the end of the initial offer review period.

Non-cash voluntary acquisitions

The CMA Regime allows non-cash (in-kind) consideration for acquisitions. Acquirers offer shares or other assets in place of cash. For example, as part of the KFH-AUB merger process, KFH carried out an in-kind acquisition of AUB Bahrain. In such a case, the acquirer must increase its share capital, secure a CMA approval, and disclose the process fully to all shareholders.

Reverse acquisitions

Reverse acquisitions occur when an acquirer secures 50% or more of a listed company’s shares. The acquirer must notify the CMA and announce the transaction on Boursa Kuwait to ensure all stakeholders are informed. Any changes during the process must be promptly reported. The acquisition must comply with CMA regulations, proper documentation, and equitable treatment of all shareholders.

Mergers Under CMA and CBK Compliance Requirements

A merger process typically begins with an agreement between the merging parties and obtaining the approval of the CMA and CBK before it is presented to shareholders. If the merger results in a change of control, the identities of the new controlling entities and any potential conflicts of interest must be disclosed. Independent advisers must provide objective assessments to safeguard fairness in the process. Key updates related to the change of control must be announced publicly through Boursa or the banks’ websites (or both) at each critical stage to maintain transparency. Furthermore, merging banks must comply with CPA regulations to prevent market dominance, with trading in the banks’ shares being temporarily suspended to prevent manipulation or misuse during the merger process.

Boursa Kuwait requirements

The Boursa Kuwait Rulebook outlines the requirements for transferring ownership of shares in listed companies focusing on scenarios that require approval, conditions for block trades, and specific exemptions. 

• Scenarios requiring Boursa Kuwait approval: Boursa Kuwait mandates approval for share transfers in certain cases, including (i) settlements between creditors and debtors or collateral holders; (ii) transfers initiated by a pledgee following a debtor’s default; (iii) transfers needed to secure board memberships; (iv) transfers resulting from enforceable court judgments; and (v) transfers by government entities as part of privatisation efforts. Other permitted cases include internal transfers within corporate groups, employee stock option plans, and transfers resulting from mergers, acquisitions, or demergers. 
• Conditions for block trades: Block trades involve prearranged sales of shares between buyers and sellers. Such block trades require the approval of Boursa Kuwait and must be conducted through a licensed broker to ensure transparency. Block trades must meet specific conditions, including (i) a minimum value of KWD150,000; (ii) shares fully owned by the seller without restrictions unless waived by the beneficiary; and (iii) a price that does not deviate by more than 20% from the last closing price (ie, a premium cap).

• Exemptions from Boursa Kuwait approval: Certain transfers, such as those resulting from inheritance or occurring between family members, are exempt from Boursa approval and may be processed directly through the Kuwait Clearing Company K.S.C. (KCC).

CPA requirements

• Economic concentration: Parties involved in agreements subject to CPA Resolution No 26 of 2021 on Economic Concentration must submit a request to the CPA. This applies when: (i) one party has annual sales exceeding KWD500,000 based on audited financial statements from the previous fiscal year; (ii) the combined sales of the parties to the transaction exceed KWD750,000; or (iii) their total registered assets exceed KWD2.5 million, as reflected in audited records.
• CPA assessment: The CPA, as mandated by Article 12 of Law No 72 of 2020 (the “Competition Protection Law”), examines whether proposed acquisitions might result in unfair market dominance or impede competition. If it detects potential risks, such as monopolistic behaviour or an undue competitive advantage, the CPA can take action by setting conditions or prohibiting the acquisition.

Milestones and Approval Process

Regulatory approval is required before the acquisition can proceed. The process includes the following filings:

• CBK filings: The acquirer must file an application with the CBK that includes a memorandum of understanding, the feasibility study, and other relevant documentation outlining the proposed ownership structure. These filings allow the CBK to evaluate the potential impact of the acquisition on governance and financial stability.
• CMA filings: The acquirer must submit detailed disclosure filings under the CML Regime. These filings must ensure that shareholders and market participants are properly informed about the financial evaluation of the transaction. They often include swap ratios, valuation processes and shareholder approval details.
• CPA filings: The involved parties must file company records, management information, an asset valuation report from a CMA-accredited auditor, and audited financial statements from the past two years. Additional filings include key agreements, a report on the economic impact of the acquisition, and financial assessments. A filing fee must be paid by certified check, calculated as the lesser of (i) 0.1% of the paid-up capital or (i) the total value of the parties’ assets in Kuwait, with a cap of KWD100,000.
• Boursa Kuwait filings: If Boursa Kuwait approval is required, the parties must file an application along with supporting documents, such as transfer forms, settlement agreements, court decisions, or privatisation orders.

Ongoing Reporting Requirements

Following a merger or acquisition, the acquirer is subject to several ongoing regulatory obligations, including:

• CBK reporting: The bank must regularly provide reports to the CBK about its financial condition, management practices, and risk controls. This helps the CBK track the bank’s stability after the acquisition and ensure its operations meet regulatory expectations.
• Stress testing: The CBK may require the bank to conduct periodic stress tests. These tests assess the bank’s ability to withstand economic fluctuations and financial stress, focusing on key metrics like capital adequacy, asset quality and profitability.

Corporate Governance and Systems and Controls Requirements for Banks in Kuwait

The purpose of regulating corporate governance in the banking sector aims to enhance transparency, accountability, and financial stability. The CBK is the primary regulatory authority responsible for setting and enforcing governance standards for banks, with additional supplementary oversight provided by the CMA. This section outlines the statutory and regulatory requirements for corporate governance applicable to CBK-Regulated Entities.

Effect of the CBK – CMA MOU

As mentioned in 3.1 Requirements for Acquiring or Increasing Control Over a Bank, the MOU between the CBK and CMA establishes a co-operative framework to manage overlapping responsibilities in governance, particularly in areas of transparency and market conduct. While the CBK leads in regulating internal corporate governance, the CMA focuses on market-related governance, including disclosure obligations and shareholder protections. The MOU aims to co-ordinate overlapping regulatory actions from multiple entities with statutory oversight without duplicating regulatory effort.

Primary Corporate Governance Regulations

The CBK’s Corporate Governance Guidelines (2019) set requirements for the composition and duties of the board of directors, the establishment of committees such as the audit, risk, and governance committees, and the implementation of internal control systems to manage operational, financial, and compliance risks. The guidelines also cover oversight of risk management practices and compliance with governance standards.

The CMA’s By-laws include express regulations for certain CBK-Regulated Entities engaging in securities’ activities. For example, Module 5, titled Securities’ Activities and Registered Persons, sets out what, according to the CMA, constitutes a regulated activity (requiring a license from the CMA), and which persons need to be registered within an entity that engages in securities activities. While this section applies directly to CBK-Regulated Entities which engage in CMA-regulated securities activities, the CMA is permitted (under Article 1-1) of the Module to “exempt CBK-Regulated Entities from some or all of the provisions set out in this [Module 5]”. Similarly, Module 10 focuses on transparency and disclosures and is applicable to CBK-Regulated Entities as market participants (eg, listed entities) requiring them to adhere, among others, to public disclosure rules. It is worth noting that, despite Module 15 of the CMA By-laws outlining the governance framework for listed companies (which are mostly applicable on a comply-or-explain basis), it expressly excludes CBK-Regulated Entities from its scope. This means that the CBK-issued 2019 Corporate Governance Guidelines govern CBK-Regulated Entities.

Governance Structure and Roles in CBK-Regulated Entities

• Board composition: The board must have a minimum of 11 members, with at least four of these members being independent. Additionally, the board is required to establish several key committees to support sound governance, risk management, and regulatory compliance. These committees include the audit committee, risk and compliance committee, corporate governance committee, nomination committee, remuneration committee, and for Islamic banks, a Sharia board to oversee compliance with Sharia principles. Furthermore, the CBK enforces “fit and proper” requirements for board members, ensuring that directors meet specific qualifications, experience levels, and integrity standards to effectively fulfil their governance roles (see 4.2 Registration and Oversight of Senior Management).
• Conflict of interest: The CBK Corporate Governance Guidelines and Companies Law set rules to manage conflicts of interest. Board members and senior executives must disclose any personal interest – whether direct or indirect – in contracts, transactions, or arrangements involving the CBK-Regulated Entity. Once disclosed, these individuals are barred from participating in discussions or voting on matters related to the conflict. Additionally, directors are prohibited from engaging in activities that compete with the bank, unless expressly approved by the general meeting of shareholders. Failure to obtain such approval may result in the bank seeking compensation or claiming the benefits of the competing business as its own. Banks are also required to keep a detailed record of all related-party transactions, which must be accessible to shareholders.
• Minority shareholder protection: The corporate governance framework in Kuwait includes several mechanisms that aim to protect minority shareholders. Independent directors are required to act without influence from major shareholders, preventing undue control. Under the default rules of the Companies Law, key decisions, such as mergers, liquidation, disposal of major assets, and share capital increases, require shareholder approval, ensuring minority shareholders are involved in significant actions. Article 30 of the Companies Law allows shareholder agreements to regulate relationships and voting rights, while the CMA By-laws require disclosure of private voting arrangements and parties acting in concert.

Additionally, Article 3-12 of Module 9 of the CMA By-laws, under the chapter governing acquisitions, allows minority shareholders (holding between 5% and 30% of shares) to submit objections to the CMA against resolutions specifically related to acquisitions. These objections must be submitted within 15 days of the acquisition resolution and demonstrate that the resolution constitutes an abuse of minority rights. Minority shareholders also have the right to file derivative action lawsuits to address mismanagement or misconduct by the board, as well as unfair prejudice lawsuits if company decisions disproportionately harm their interests.

Transparency and disclosure obligations

CBK-Regulated Entities are required to:

• Submit to the CBK detailed governance reports covering board composition, independence, conflict-of-interest management, board and executive compensation, shareholder agreements, voting rights, and the structure of key committees (audit, risk, remuneration). These reports must be included in the annual report, which is made publicly available.
• Provide financial and prudential reports to the CBK, including quarterly and annual financial statements, capital adequacy reports, liquidity coverage ratios (in line with Basel III), and details on non-performing loans (NPLs), including provisions and management actions.
• Submit compliance and risk reports to the CBK, covering AML and CFT, and the results of stress testing and risk management assessments. (See 5.1 AML and CFT Requirements)

Sharia-compliant entities

Sharia-compliant entities must follow the CBK Governance Instructions, the CBK Sharia Governance Framework, and the Companies Law. These entities are required to establish Sharia supervisory boards to ensure their operations and financial products comply with Sharia law. The boards conduct regular audits, typically on a quarterly or annual basis, to assess compliance with Sharia principles. As per the CBK’s Circular No (2/IBS/369/2016), all Kuwaiti Islamic banks are required to implement external Shariah audits. These audits are conducted by independent auditors who assess whether the bank complies with the Fatwas issued by its Sharia supervisory board. Audit reports must detail the bank’s compliance with Sharia rules, including reviews of new financial products and any changes to existing ones.

Additionally, Sharia-compliant entities must, where applicable, adhere to international standards incorporated by reference in the CBK regulations, including AAOIFI for Sharia compliance and governance, IFSB for prudential standards and risk management, and Basel III, adapted for Islamic finance, for capital adequacy and liquidity management.

Corporate approvals

Corporate approvals for banks in Kuwait vary depending on the nature and significance of the decision. Routine matters, such as the approval of financial statements, profit distribution, and auditor appointments, are handled by the Ordinary General Assembly (OGA). For more significant decisions, such as amendments to the company’s memorandum of association, capital increases or reductions, mergers, acquisitions, or liquidation, approval from the extraordinary general assembly (EGA) is required. These decisions may require higher approval thresholds as specified in the articles of association. The board of directors is responsible for strategic governance and oversight, such as approving internal policies and overseeing executive appointments. Executives, including the CEO and senior management, handle the day-to-day operations of the bank.

Provisions

The Companies Law and CBK By-laws require CBK-Regulated Entities, particularly banks, to maintain various reserves and adhere to practices that target financial stability and compliance with legal obligations:

• Statutory reserve: Under Article 222 of the Companies Law, companies must allocate 10% of their annual net profits to a statutory reserve until it reaches 50% of the issued capital. This reserve can only be used to cover losses or distribute dividends when profits are insufficient.
• Optional reserve: Article 225 allows companies to allocate up to 10% of net profits to an optional reserve based on board recommendations. This reserve can be used for discretionary purposes, such as funding future projects or investments.
• Employee fund/end-of-service benefits: Article 224 of the Companies Law requires companies to set aside funds to cover end-of-service indemnities for employees, ensuring compliance with labour laws. Additional funds may also be established for employee welfare.
• NPL reserves: CBK-Regulated Entities are required to maintain reserves for non-performing loans (NPLs) to cover potential losses from bad debts.
• IFRS 9/expected credit loss provisions: CBK Regulations require compliance with IFRS 9, which mandates the recognition of expected credit losses for financial instruments.
• Liquidity regulations: CBK regulations require banks to maintain a liquidity coverage ratio (LCR) and a net stable funding ratio (NSFR). The LCR requires banks to have a minimum of 100% stable funding.
• Capital adequacy regulations: The CBK has implemented Basel III standards to improve capital adequacy, which includes higher quality capital requirements and a leverage ratio.
• Credit risk regulations: Banks are subject to a loan-to-deposit ratio set at 90%. Credit facilities must be classified into regular and irregular categories based on specific criteria.
• Concentration risk regulations: Investment limits restrict a bank’s total securities portfolio to 50% of its capital, and credit concentrations to any single customer cannot exceed 15% of the bank’s capital base.

Voluntary Codes and Industry Initiatives

The governance framework in Kuwait is primarily based on statutory requirements. Both the CBK and CMA require CBK-Regulated Entities to align with international best practices, particularly those set by the Basel Committee on Banking Supervision and the IFRS.

The CBK’s Governance Instructions include a comply or explain principle, allowing CBK-Regulated Entities some flexibility in adopting governance practices while adhering to local rules. For instance, during the COVID-19 pandemic, one bank faced difficulties in appointing independent board members due to government closures and the inability of candidates to complete necessary documentation. After explaining the situation to the CBK, the deadline for appointing the board members was extended. Each CBK-Regulated Entity can establish its own policy and may adopt any voluntary standard they choose, subject to approval from the CBK.

Diversity Requirements

There are no formal government-mandated diversity requirements for CBK-Regulated Entities. However, under Cabinet Resolution No 1868 of 2018, banks must maintain a minimum Kuwaitisation rate of 70% for their workforce. This initiative aims to increase the employment of national talent through training programmes.

Additionally, several CBK-Regulated Entities have implemented their own diversity and inclusion initiatives. These efforts focus on creating inclusive environments and are recognised for their role in strengthening corporate governance and improving organisational performance.

Bankers’ Oath or Equivalent Binding Rules of Conduct for Employees

Although Kuwait does not have a formal Bankers’ Oath, both the CBK Law and Law No 39 of 1980 on Evidence in Civil and Commercial Matters (“Evidence Law”) impose certain conduct requirements on banking employees and impose strict requirements for maintaining banking and client information secrecy.

Article 80 of the CBK Law mandates that Central Bank officials maintain the confidentiality of accounts, books, and documents accessed during their duties, extending this obligation even after their employment ends. Disclosure of this information is only permitted when legally authorised.

Article 43 of the Evidence Law prohibits professionals, including banking employees, from disclosing any facts or information acquired in their professional capacity, even after their service has concluded.

Furthermore, the CBK’s Governance Instructions require CBK-Regulated Entities to implement a code of conduct that addresses conflicts of interest, confidentiality, and the ethical use of insider information. This code sets a standard for employees and senior management to maintain professional integrity.

Registration and Oversight of Senior Management in Regulated Entities

The CBK has a framework for the registration and oversight of senior management of CBK-Regulated Entities. This aims to ensure that leadership roles are filled by qualified individuals with relevant experience and high ethical standards to support governance and operational stability in the financial sector.

Senior managers’ designation and regulatory approval

CBK approval is required for the appointment of senior management positions. CBK-Regulated Entities must submit an application with supporting documents, including evidence of the candidate’s qualifications, experience, criminal background checks, and academic records, at least 30 days before the effective appointment date.

Candidates for CEO roles must have 15 to 20 years of work experience, including ten years in banking or financial institutions and five years in key decision-making roles related to core banking functions like credit, investment, or treasury. CBK assesses candidates through a “fit and proper” test and may conduct personal interviews.

Screening requirements

CBK’s screening process evaluates both professional and personal qualifications:

• Experience and skills: Candidates must have the required years of experience and executive-level exposure to manage financial operations effectively.
• Criminal clearance: A criminal clearance certificate is required to verify the candidate’s legal standing.
• Conflict of interest disclosure: Candidates must disclose any potential conflicts of interest to ensure transparency and impartiality in their roles.

The remuneration framework applicable to CBK-Regulated Entities sets out clear and structured guidelines to ensure compensation practices are aligned with long-term stability, effective risk management, and strong governance. These requirements place an emphasis on transparency, oversight, and the alignment of individual incentives with the regulated entity’s strategic and financial objectives.

Individuals Subject to Remuneration Requirements

The CBK Governance Instructions apply to key individuals across CBK-Regulated Entities, focusing on:

• board members, particularly independent directors who oversee governance and strategy;
• executive management, including the CEO and other senior leaders responsible for key decisions impacting the entity’s risk profile; and
• key risk-takers, including personnel involved in risk management, compliance, and internal audit functions, whose roles materially affect the risk landscape of the entity.

These categories ensure that those with the greatest influence over the entity’s operations and risk exposure are subject to strict remuneration policies designed to promote long-term stability.

Remuneration Principles

Key principles that govern the remuneration structure for CBK-Regulated Entities include:

• Risk alignment: Remuneration, particularly variable compensation, must be closely tied to the entity’s risk profile and long-term performance. This is to ensure that individuals are not incentivised to take excessive risks in pursuit of short-term gains.
• Performance-based pay: Variable compensation should reflect sustained, measurable performance aligned with the entity’s broader objectives. The goal is to reward long-term value creation rather than speculative or short-term achievements.
• Deferral of variable pay: The CBK encourages the deferral of variable pay over an appropriate period to ensure compensation is based on enduring performance, reducing the risk of rewarding short-lived results.

Supervisory Approach

The CBK employs a robust supervisory approach to ensure compliance with these remuneration guidelines:

• Remuneration committee oversight: CBK-Regulated Entities must establish a remuneration committee comprising independent members of the board. This committee is tasked with reviewing and implementing remuneration policies that align with the entity’s risk management strategy and long-term goals.
• Transparency and disclosure: CBK-Regulated Entities are required to disclose their remuneration policies in their annual governance reports. These disclosures should explain how remuneration aligns with risk and performance objectives, providing transparency to regulators, shareholders, and other stakeholders.

AML and CFT Framework in Kuwait

The banking sector is governed by a robust framework aimed at combating money laundering and terrorist financing. This framework is established by the AML Law and its executive by-laws issued by the Minister of Finance Resolution No 37 of 2013 (the AML Regulations”).

AML and CFT Requirements for the Banking Sector

AML Regulations impose critical requirements on the banking sector to prevent money laundering and terrorist financing activities. Below are some of the requirements:

• Policies and procedures: Banks are required to develop robust internal policies and procedures. This includes thorough vetting processes for hiring employees to prevent potential risks.
• Employee training: Continuous training programmes must be in place to keep employees updated about AML Regulations, emerging trends in money laundering and terrorism financing, and their obligations, including reporting suspicious transactions.
• Internal controls: Banks must implement independent internal control systems capable of swiftly identifying and reporting suspicious activities.
• Secure information exchange: Secure mechanisms should be developed for sharing information while maintaining confidentiality.
• Compliance officer: A senior compliance officer must be appointed to oversee and ensure the effective implementation of AML and CFT requirements.

The Role of the CBK in Banking Supervision

As the supervisory authority, the CBK plays a vital role in enforcing AML Regulations within the banking sector. The CBK regularly issues internal directives that offer guidelines on implementing preventive measures, conducting due diligence, and reporting suspicious transactions. By issuing these instructions, the CBK ensures that banks align with international standards set by organisations like the Financial Action Task Force (FATF).

The CBK’s Collaborative Efforts in Banking

In addition to its supervisory role, the CBK collaborates extensively with other organisations to combat financial crime.  It is a key member of the National Committee for Combating Money Laundering and Terrorist Financing established pursuant to the Minister of Finance Resolution No 55 of 2015 outlining the committee’s operational framework. The committee plays a crucial role in assessing national risks and ensures that Kuwait’s efforts align with international standards. Additionally, the CBK works closely with:

• the Ministry of Foreign Affairs (MOFA) to follow international rules against terrorism financing; and
• MOCI and the CMA to ensure compliance across all sectors involved in financial activities.

Supervisory Responsibilities by the CBK

• Supervisory inspections and issuance of directives: The CBK conducts regular field inspections to ensure that banks are managing risks and preventing money laundering and terrorism financing. The CBK also issues clear directives to guide banks in preventing these activities in line with FATF standards. These directives are frequently updated to stay current, with the most recent update on 16 February 2023, ensuring they remain practical and up to date with changing requirements.
• Risk-based approach: The CBK employs a tailored, risk-based approach to evaluating the activities of banks. This method identifies the unique risks each institution presents, allowing the CBK to focus its supervision efforts where they are most needed. Using a risk matrix, the CBK ensures that monitoring and oversight are aligned with the specific risk profile of each institution, ensuring proportional and effective supervision.
• Training and awareness: Banks must implement ongoing training as a requirement for all employees, senior management, and board members of financial institutions. These programmes are designed to ensure staff stay informed on the latest AML Regulations, helping them better detect and report suspicious activities. The CBK stresses the importance of senior leadership and board members staying up to date with their compliance responsibilities.
• Advanced technological systems: The CBK mandates banks to implement advanced technology systems for monitoring transactions. These automated systems generate alerts for any suspicious activities, ensuring timely investigations. When there is sufficient evidence of potential money laundering or terrorism financing, banks are required to report their findings promptly to Kuwait’s Financial Intelligence Unit (FIU).

Penalties for Non-Compliance

Non-compliant banks can face severe penalties for failing to adhere to AML Regulations, with fines ranging from a minimum of KWD5,000 to a maximum of KWD500,000. These penalties can be imposed for various violations, including intentional non-compliance or serious breaches, such as failing to establish mandatory internal policies and procedures, failing to ensure that certain key employees meet a minimum level of qualifications, a lapse in implementing training programmes for employees, or neglecting to appoint a compliance officer, among other obligations outlined in the AML Regulations.

Recent Reforms

Over the past two years, Kuwait has introduced key regulations for banks aimed at improving financial transparency and reducing risks related to money laundering and terrorism financing. These updates include stricter rules for identifying the true owners of corporate clients, a ban on CBK-Regulated Entities engaging in any activities relating to virtual assets like cryptocurrencies, and new guidelines for sharing tax information with other countries. These reforms require banks to meet higher standards of transparency and accountability, ensuring compliance with both local and international laws.

Ultimate beneficial owner (UBO) reporting – compliance with Resolution No 4 of 2023 (as amended)

MOCI issued Resolution No 4 of 2023, amended as per Resolution No 41 of 2023, which requires all Kuwaiti companies, with few exceptions, to identify and disclose their UBOs. Under this resolution, financial institutions, including banks, are expected to:

• identify any individual or entity holding 25% or more of ownership or voting rights or having control over the company;
• maintain accurate and up-to-date UBO records, with updates being reported within 15 days of any change; and
• provide UBO information to MOCI upon incorporation, licensing, or renewal and ensure that this data is shared when required by MOCI authorities.

Failure to comply with these UBO obligations under MOCI may result in penalties in accordance with Article 15 of the AML Law.

Virtual assets ban – compliance with CBK Circular on the Prohibition of Virtual Assets

On 17 July 2023, the CBK introduced a strict circular to strengthen its AML and CFT efforts. Under this circular, CBK-Regulated Entities are barred from engaging in any activities related to virtual assets, whether for their own accounts or on behalf of clients. The move follows FATF standards which aim to curb the risks associated with virtual assets, which are considered unstable and speculative. Virtual assets, including cryptocurrencies, are no longer permitted as a means of payment or for any other financial services in Kuwait.

The circular also prohibits CBK-Regulated Entities from offering any investment services related to virtual assets. Furthermore, the CBK has prohibited the granting to any person of licenses for the provision of services related to virtual assets (including cryptocurrencies, non-fungible tokens, and stablecoins). The CBK has reinforced its stance by completely banning banks from carrying out any activities related to the mining of virtual assets. Banks are required to educate their clients about the risks of virtual assets, particularly in cross-border transactions, where these assets are not legally recognised or backed by any authority, exposing users to significant financial risks.

Although virtual assets are prohibited, certain securities and financial instruments regulated by the CBK and the CMA are not affected by this ban. Financial institutions are expected to fully comply with the new guidelines, and non-compliance will result in penalties under the AML Law. These penalties will be imposed alongside any other sanctions from relevant authorities.

Tax transparency – compliance with Decree-Law No 6 of 2024 on Exchange of Tax Information (the “Exchange of Tax Information Law”)

The Exchange of Tax Information Law regulates, among other tax transparency-related matters, the disclosure of tax information with MOF and tax authorities abroad. Under this law, banks must:

• submit annual reports to MOF outlining accounts subject to reporting under relevant tax treaties; even if no updates/disclosures are required to be reported, a formal declaration confirming this must still be filed for the applicable year;
• obtain self-certification forms from customers when opening new accounts to verify their tax status;
• maintain records of customer information, including self-certification forms, for a minimum of six years; these records must be readily accessible for regulatory audits or inspections; and
• designate a specific auditor to ensure adherence to the Exchange of Tax Information Law and AML Regulations; all reports must undergo external audit, and to avoid conflicts of interest, the auditor reviewing tax information reports must be different from the one auditing the institution’s financial statements.

Non-compliance with the Exchange of Tax Information Law will result in penalties, including fines ranging from KWD10,000 to KWD20,000, suspension or revocation of banking licenses, and potential criminal prosecution. These penalties will be enforced without prejudice to any applicable sanctions under the AML Law.

Kuwait’s Deposit Guarantee Scheme (DGS): Safeguarding the Banking Sector Post-2008 Financial Crisis

In the wake of the 2008 Global Financial Crisis, Kuwait acted swiftly to safeguard its banking sector by introducing an unlimited deposit guarantee. The deposit guarantee scheme has been designed to ensure the protection of depositors and maintain the stability and competitiveness of Kuwait’s banking sector amidst regional challenges.

DGS requirements

Law No 30 of 2008 Regarding the Guarantee of Deposits with Local Banks (the “Deposit Guarantee Law”) introduced an unlimited guarantee for bank deposits. The Deposit Guarantee Law covers all types of deposits, including savings accounts, current account balances, and other funds held at local banks, with no cap on the amount guaranteed.

Funding structure of DGS

The CBK plays a central role in managing the deposit guarantee scheme, overseeing its day-to-day administration. However, it is important to note that the actual funding for any payouts comes from MOF, which draws from Kuwait’s General Reserve Fund (GRF). This arrangement places the full financial responsibility for the DGS on MOF, ensuring the government covers any deposit shortfalls. Nevertheless, reliance on the GRF raises concerns about the scheme’s sustainability when the GRF is depleted.

In practice, if a bank were to fail, the CBK would gather detailed data on eligible depositors, while MOF manages the payout process. The Deposit Guarantee Law mandates that the government report all disbursements made under the scheme to the National Assembly and the State Audit Bureau, promoting transparency and ensuring public oversight.

Categories of depositors and deposits covered

The DGS applies to deposits held in the following types of financial institutions:

• conventional banks;
• Islamic banks; and
• specialised banks.

The guarantee extends across all types of deposits, from retail and wholesale accounts to foreign and domestic currency deposits. Whether a depositor is an individual with a modest savings account or a corporation with substantial balances, they are fully covered under the scheme.

Unlimited coverage under Kuwait’s DGS

A standout feature of Kuwait’s DGS is its unlimited coverage, setting it apart from most banking protection systems worldwide. Unlike many countries that impose caps on deposit protection, Kuwait guarantees full coverage for all deposits. For comparison, the Federal Deposit Insurance Corporation in the United States (FDIC) provides protection up to USD250,000 per depositor, per bank, while in the European Union, the DGS ensures protection up to EUR100,000 per depositor.

The unlimited guarantee remains in place, offering full protection with no cap on the amount covered. To date, Kuwait has not faced any payout events under this scheme. Notably, there have been discussions about introducing a capped deposit insurance system; however, no legislative changes have been implemented.

Capital, Liquidity, and Risk Controls

Kuwait’s implementation of Basel III

Since the aftermath of the Souk Al-Manakh Stock Market Crash (which was a highly speculative, unregulated, and unofficial stock market) in 1982, Kuwait has maintained a conservative monetary and macroprudential policy. To align with global standards, the CBK has fully implemented Basel III regulations concerning capital adequacy, leverage, and liquidity. The first time the CBK rolled out its version of Basel-compliant capital adequacy standards was in 2004 when it incorporated Basel II into its regulatory framework. Starting with a gradual phase-in, the CBK introduced a full implementation plan of the Basel III capital adequacy standards in 2014, under which the CBK:

• increased the regulatory capital ratio;
• set minimum common equity limits;
• introduced additional conservation and countercyclical capital buffers;
• tightened the eligibility criteria for Tier 2 capital requirements and cancelled Tier 3 capital requirements;
• introduced higher ratios (in the form of capital buffers) applicable to Domestic Systemically Important Banks; and
• instructed that, except for Domestic Systemically Important Banks, all banks maintain a minimum capital adequacy ratio of 13%, minimum Tier 1 ratio of 11%, and minimum leverage ratio of 3%.

Further, the CBK introduced in 2014 the liquidity coverage ratio regulations, and in 2015 the net stable funding ratio guidelines, both of which aim to enhance banks’ capacity to endure liquidity stress and stabilise their funding structure.

Capital adequacy regulations

The CBK’s capital adequacy framework demands higher quality capital to enhance banks’ ability to absorb losses. Additional capital requirements have been imposed on Domestic Systemically Important Banks, alongside the introduction of a leverage ratio, which serves as a supplementary safeguard to prevent excessive leverage in the banking system.

The CBK’s Basel III guidelines mandate that Tier 1 or Tier 2 capital instruments issued by Kuwaiti banks include provisions for write-offs or conversion into common equity when a “trigger event” takes place, such as regulatory intervention or the need for an emergency capital injection. However, while conversion to common equity is possible, the conditions only allow for a write-down following a trigger event.

Liquidity regulations

Before April 2020, the CBK required that banks hold 18% of their Kuwaiti dinar customer deposits in CBK balances or Kuwaiti government treasury bonds. The liquidity of banks is evaluated using the “maturity ladder approach”, which compares future cash inflows against future cash outflows, reviewing mismatches across various timeframes and comparing them to pre-set limits. The guidelines specify how assets and liabilities should be accounted for when determining liquidity.

In 2016, the CBK began phasing in the liquidity coverage ratio, starting at 70%, with a yearly increase of 10%, reaching 100% by January 2019 and staying at that level until April 2020. During this period, banks were required to submit liquidity coverage ratio reports daily and monthly, as well as separate reports by major currencies for monitoring purposes. The net stable funding ratio, which became mandatory in January 2018, had to be maintained at 100%.

Due to the COVID-19 pandemic, the CBK implemented measures in April 2020 to support the economy, reducing the reserve ratio to 15%, the liquidity coverage ratio to 80%, and the net stable funding ratio to 80%. Additionally, the CBK raised the maturity ladder’s negative cumulative gap limit and increased the lending cap from 90% to 100%. These measures stayed in place until the end of 2021. From January 2022, the reserve ratio was adjusted to 16.5%, with the liquidity coverage and net stable funding ratios both at 90%. As of January 2023, these ratios reverted to their original levels of 18% and 100%, respectively.

Credit risk regulations

• Loan-to-deposit ratio: Between October 2016 and April 2020, Kuwaiti banks were limited to lending a maximum of 90% of qualifying deposits, irrespective of maturity profiles. In response to the COVID-19 pandemic, this limit was temporarily raised to 100% but returned to 90% in January 2023 after a phased reduction to 95% in 2022.
• Credit facility classifications: The CBK requires Kuwaiti banks to regularly assess and categorise their credit facilities as either regular or irregular. Facilities are classified as irregular under certain circumstances, including missed instalment payments, unpaid interest, or exceeding approved credit limits.
• Credit to non-residents: Local banks may offer credit in Kuwaiti dinar to non-residents without prior CBK approval, provided the loan is connected to a government contract under KWD40 million, and the loan value is no more than 70% of the contract’s worth. In other cases, CBK consent is required.
• Foreign exchange: Local banks are permitted to engage in foreign exchange transactions with international banks, including depositing Kuwaiti dinar abroad and entering into derivative transactions such as swaps, options, and futures.

Concentration risk regulations

• Investment limits: A Kuwaiti bank’s total securities portfolio cannot exceed 50% of its capital. Investments in any one issuer are limited to 10% of the bank’s capital or 10% of the issuer’s capital, whichever is lower.
• Credit concentration cap: Without prior CBK approval, a single customer’s total credit liabilities to a bank must not exceed 15% of the bank’s capital base.
• Clustering limits: Large credit concentrations, defined as those exceeding 10% of a bank’s capital base, are capped at four times the bank’s capital base.

Additional requirements for Systemically Important Banks

According to the CBK’s Basel III instructions for Domestic Systemically Important Banks (DSIBs), these banks are required to maintain additional capital buffers to enhance their financial stability and withstand economic pressures. The requirements include the following:

• Capital buffers for DSIBs: Banks classified as DSIBs must hold additional capital buffers (beyond the minimum capital adequacy ratio of 13%) ranging from 0.5% to 2.0% of risk-weighted assets. These buffers are composed of Common Equity Tier 1 (CET1) capital.
• Periodic monitoring: The CBK will annually inform DSIBs of the additional requirements and the timeframe for meeting them.

Overview of the Insolvency Regime of Kuwait

The insolvency and resolution of CBK-Regulated Entities is subject to Law No 71 of 2020 (the “Bankruptcy Law”) which replaced Decree-Law No 2 of 2009 (previously enacted to enhance the financial stability of the banking sector amidst the 2008 Financial Crisis) and the bankruptcy provisions of the Commercial Code.

The previous bankruptcy regime, dating back to 1980 with minor amendments in 2009, had become outdated and inadequate in addressing the needs of modern businesses. It offered limited insolvency protections and restructuring mechanisms, making it difficult for distressed companies to recover and discouraging foreign investment. In this context, the Bankruptcy Law aims to remedy these shortcomings by establishing a more structured system for managing insolvency proceedings.

Role of the CBK in a bank’s insolvency

In spite of the Bankruptcy Law authorising the CBK to issue executive regulations organising the bankruptcy, resolution, restructuring, or preventative settlement of a CBK-Regulated Entity, to date, no directives have been issued in this respect. Apart from the Deposit Guarantee Law (which, as explained in 6.1 Deposit Guarantee Scheme (DGS), guarantees the obligations of banks towards customers’ deposits), there is no special insolvency, recovery, and resolution framework for banks in Kuwait that sits outside the regime of the Bankruptcy Law.

Nevertheless, no petition concerning insolvency proceedings of a CBK-Regulated Entity may proceed unless the CBK has been provided with a written notice on the same not less than ten days prior to such petition being made.

Insolvency resolution

The Bankruptcy Law provides several pathways designed to manage the financial distress of companies among which are the following:

• Restructuring: Debtors retain control of their assets, albeit under the supervision of a court-appointed bankruptcy trustee. The trustee oversees the implementation of a restructuring plan and may place restrictions on the debtor’s ability to manage or dispose of assets.
• Preventative settlement: Debtors are able to continue operating their businesses and managing their assets without interference unless the Bankruptcy Court determines otherwise. This early intervention allows distressed companies to negotiate settlements with creditors before the situation escalates into full insolvency.
• Declaration of bankruptcy. When this occurs, a court-appointed trustee takes control of the debtor’s assets for liquidation purposes.

Both creditors and regulatory authorities have the right to petition the Bankruptcy Department to initiate bankruptcy proceedings or impose a restructuring plan. Debtors themselves can also request to be placed under any of these legal mechanisms, depending on their circumstances. In addition, it is important to note that a certain threshold of creditors’ approval is necessary for restructurings and preventative settlements.

Institutional framework of the insolvency regime

The Bankruptcy Law established new institutional frameworks to manage and oversee bankruptcy matters. Central to this framework are specialised bodies tasked with ensuring the law’s smooth application.

At the core is the Bankruptcy Court, a dedicated judicial body that holds exclusive authority over disputes arising under the Bankruptcy Law. This court is empowered to hear cases and make decisions in line with the law’s provisions.

Supporting the Bankruptcy Court is the Bankruptcy Department, a judicial division responsible for managing the administrative functions of the court. It plays an essential role in ensuring the court’s decisions are executed effectively, streamlining the insolvency process.

Complementing these judicial bodies is the Bankruptcy Commission, which plays a technical advisory role and is composed of experts qualified to serve as bankruptcy trustees. More importantly, the insolvency proceedings concerning CBK-Regulated Entities are directly entrusted to the supervision of the Bankruptcy Commission.

Practical challenges in implementing the Bankruptcy Law

Although the Bankruptcy Law has been enacted and its regulatory bodies established, its practical implementation is still in the formative stages, with numerous provisions remaining untested in real-world scenarios.

In contrast to the former bankruptcy framework, the current law restricts the ability to utilise set-off (ie, netting) between debtors and creditors. This limitation can lead to protracted and less efficient liquidation processes, as allowing set-off could facilitate quicker resolutions and streamline the overall insolvency proceedings.

A critical point of confusion pertains to when the insolvency officially begins. This determination is particularly significant for establishing preference periods in bankruptcy cases. The law currently aligns the onset of insolvency with the suspension of debt payments, but this correlation may not serve as a definitive indicator of a debtor’s financial distress. Furthermore, this approach does not align with established international standards where a “cash flow test” is typically utilised by bankruptcy courts to ascertain the point at which a person becomes unable to pay their debt as it falls due.

Another issue is the jurisdictional overlap among the Bankruptcy Court, Bankruptcy Department, and Bankruptcy Commission. Since the law’s implementation, these bodies have had a varying interpretation of their jurisdiction and scope. This resulted in shifting oversight back and forth between such bodies. At times, such bodies have declined to take on cases. This indeterminacy results in a bureaucratic deadlock, causing delays that adversely affect both creditors and debtors alike.

Additionally, the bankruptcy bodies established under the Bankruptcy Law adopted an inventive interpretation of the law whereby priority is given to judgement-creditors (those whose debts have been determined by a court) over others of equal rank, even though the legislation does not specify such a distinction.

Protection of depositors

In addition to the Deposit Guarantee Law, the Bankruptcy Law protects depositors’ interests by allowing for the retraction of any funds deposited in accounts held with a bank in the event the latter is subject to insolvency proceedings. A depositor may make a request for the recoupment of their funds to the Bankruptcy Department.

CBK-Regulated Entities in Kuwait are expected to integrate ESG considerations into their operations through a combination of voluntary reporting and encouraged sustainable practices. This framework is outlined by the CBK, CMA, and Boursa Kuwait, and promotes alignment with international standards and Kuwait Vision 2035. While the ESG framework is largely voluntary, the CBK mandates that ESG elements must be considered in the annual risk reports submitted by CBK-Regulated Entities, ensuring a formal integration of sustainability into risk management.

ESG Integration into Governance and Risk Management

The integration of ESG factors into governance structures is strongly encouraged for CBK-regulated entities:

• The CMA, through Module 15, Chapter 12, and the CBK Circular No 2/BS, IBS/500/2022, encourages banks to embed ESG into risk management and strategic decision-making processes.
• Entities are encouraged to adopt policies that address climate risks and develop sustainable financial products that promote green finance and support environmentally sustainable projects.
• Boursa Kuwait’s ESG Guidelines, introduced in the “Unified Direction for a Sustainable Future” (2021), further encourage companies to integrate ESG practices into governance structures, aligning with both national and international sustainability goals.

While these practices are not yet mandatory, they form an essential part of Kuwait’s long-term sustainability strategy.

Voluntary ESG Reporting

ESG reporting is currently voluntary but strongly encouraged across the regulatory landscape:

• The CMA, under Decision No 136 of 2022 and Module 12 of the CMA By-laws, recommends that CBK-Regulated Entities publish annual sustainability reports aligned with international standards, such as the Global Reporting Initiative (GRI) or Sustainability Accounting Standards Board (SASB) frameworks.
• Boursa Kuwait also encourages companies to disclose their ESG practices as part of their annual reporting cycles, or through standalone sustainability reports. Boursa recommends using the GRI and SASB standards, as well as Integrated Reporting (IR), to ensure comprehensive and comparable ESG disclosures.
• These reports should include materiality assessments and cover relevant environmental, social, and governance factors. While voluntary, publishing such reports is seen as a best practice for enhancing transparency and investor confidence.

Sustainable Financial Products and Climate Risk

The development of sustainable financial products and consideration of climate risks are strongly encouraged:

• The CBK Circular No 2/BS, IBS/500/2022 encourages banks to create financial products that align with sustainability goals, such as green bonds and other climate-friendly financial instruments.
• The circular also emphasises integrating climate risk management into lending and investment decisions to ensure long-term resilience and alignment with environmental objectives.
• Boursa Kuwait’s Guidelines similarly encourage companies to support green finance initiatives and emphasise the importance of integrating climate-related risks into broader business strategies.

Stakeholder Engagement and Materiality

CBK-Regulated Entities are encouraged to engage stakeholders, including investors, employees, and regulators, during materiality assessments. This ensures that ESG reports address the most relevant factors for the company’s operations and stakeholders, enhancing the relevance and credibility of the information disclosed.

Both the CMA and Boursa Kuwait emphasise that entities should focus on material issues that impact stakeholders and guide corporate strategies.

Alignment with International Standards

While ESG reporting is voluntary, companies are strongly encouraged to align with international frameworks such as the GRI, SASB, and IR to ensure consistency and comparability in their disclosures, as recommended by both the CMA and Boursa Kuwait.

While there is no direct equivalent to the European Union’s Digital Operational Resilience Act (DORA), the CBK has developed a comprehensive Cybersecurity Framework to ensure operational resilience against cyber threats. This framework outlines specific requirements for governance, risk management, incident reporting, third-party risk management, operational testing, and compliance, aligned with international best practices.

Governance and Risk Management

• Board responsibility: The board of directors is accountable for overseeing the cybersecurity framework, ensuring that adequate resources are allocated for managing cyber risks, and that cybersecurity is integrated into overall risk management strategies.
• Cybersecurity policies: Regulated entities must implement formal cybersecurity policies that cover critical areas such as access control, data protection, incident response, and vulnerability management.
• Risk assessment: CBK-Regulated Entities are required to conduct regular cyber risk assessments, updating them periodically to reflect new threats and changes in the operational landscape.
• Reporting structures: Clear reporting lines from cybersecurity teams to the board are essential to ensure timely communication of risks and incidents.

Incident Reporting and Management

• Mandatory reporting: CBK-Regulated Entities are required to report significant cybersecurity incidents to the CBK. High-risk incidents must be reported within four hours, including critical breaches or operational compromises. Medium-risk incidents must be reported within eight hours, while low-risk incidents are reported quarterly as part of routine cybersecurity reporting. Reports should provide a comprehensive overview of the incident, including its scope, impact, and the mitigation measures taken.
• Incident reporting process: The report submitted to the CBK must include:
1. the nature and cause of the incident (eg, phishing, malware, data breach);
2. the extent of the damage (eg, data loss, service disruption);
3. the actions taken to mitigate the incident, including containment and recovery efforts;
4. an assessment of whether personal data or critical systems were compromised; and
5. communication with affected parties, including customers, regulators, and stakeholders.
• Escalation and notification: CBK-Regulated Entities must have predefined escalation procedures in place to ensure that incidents are promptly escalated to senior management and the CBK.
• Post-incident review: After each incident, entities are required to conduct a post-incident review to assess the response’s effectiveness, identify any weaknesses in their cybersecurity framework, and implement corrective actions. This review must be documented and used to strengthen future response plans.

Third-Party Risk and Dependencies

• Third-party risk assessments: Regulated entities must assess and mitigate risks posed by third-party service providers, especially those involved in ICT services, by evaluating their cybersecurity controls and ensuring that proper measures are in place.
• Contractual safeguards: Contracts must include cybersecurity clauses that require third-party providers to comply with security standards and promptly report any security incidents affecting their services.
• Monitoring third-party providers: Continuous monitoring of third-party service providers is necessary to ensure compliance with security requirements and manage risks related to external dependencies.

Cyber Threat Intelligence and Collaboration

• Sector-wide collaboration: CBK-Regulated Entities are encouraged to participate in sector-wide initiatives, such as the Information Security Working Group (ISWG), to share threat intelligence and collaborate on mitigating cybersecurity threats across the banking sector.
• Threat monitoring: CBK-Regulated Entities are required to establish systems that actively monitor cyber threats and provide real-time alerts on potential vulnerabilities or suspicious activities.
• Collaboration with authorities: Close co-ordination with national regulators and cybersecurity authorities is encouraged to ensure alignment with national cybersecurity objectives.

Operational Resilience Testing

• Regular cybersecurity testing: CBK-Regulated Entities are required to conduct annual penetration testing, vulnerability assessments, and red teaming exercises to test the resilience of their systems against potential cyber threats.
• Business continuity plans (BCP): Entities must maintain business continuity plans (BCP) that address continuity during cyber incidents, ensuring the restoration of critical functions and services.
• Disaster recovery plans: Entities must have comprehensive disaster recovery plans that include data backup procedures, recovery strategies, and regular testing to ensure rapid recovery from cyber incidents.
• Cyber simulations and drills: Entities are encouraged to conduct regular cyber incident simulations to test their preparedness and response capabilities in real-world scenarios.

Compliance and Supervision

• Compliance with international standards: Entities must comply with international standards such as ISO/IEC 27001 (Information Security Management) and NIST (National Institute of Standards and Technology) frameworks.
• Internal audits: Regulated entities are required to conduct annual internal cybersecurity audits to assess the effectiveness of their cybersecurity measures, incident response protocols, and adherence to CBK regulations.
• Regulatory oversight: The CBK will perform periodic reviews and inspections to ensure compliance with the cybersecurity framework. Non-compliance may result in fines or increased regulatory scrutiny.

Conclusion

Although Kuwait does not have a direct equivalent to the EU’s DORA, the CBK’s regulatory framework addresses many of the same concerns around ICT risk management, operational resilience, and third-party oversight. By emphasising proactive risk management, robust business continuity planning, and strong third-party controls, the CBK ensures that Kuwaiti banks are well-equipped to navigate the complexities of digital threats and maintain operational continuity.

Upcoming Regulatory Developments Impacting Banks in Kuwait

Domestic political developments, regional geopolitics, legislative and regulatory reforms, rate cuts, government austerity measures, and tax reforms are expected to significantly impact Kuwait’s financial markets and reshape the regulatory landscape of the banking sector.

New Mortgage Law

The CBK is set to implement a new mortgage law that allows local banks to provide mortgage loans up to KWD140,000. The government will cover interest for the first KWD70,000 for eligible citizens.

This initiative is expected to stimulate credit growth in retail banking and support the real estate market, potentially leading to increased lending activity.

Interest Rate Adjustments

In response to global trends of lowering interest rates, particularly from the U.S. Federal Reserve, the CBK is expected to adjust its rates accordingly.

Lower interest rates may enhance credit growth as borrowing costs decrease, affecting both retail and corporate lending dynamics. This could also lead to an increase in debt restructuring activities.

Fintech Regulation and Innovation

The CBK has established a regulatory sandbox designed to facilitate fintech innovation, allowing banks and startups to test new financial products and services without exposing the financial system to undue risk.

Updated regulations governing electronic payment systems require providers to register with the CBK and comply with specific operational standards.

Ongoing evaluations of open banking initiatives indicate a proactive approach toward integrating fintech solutions into the banking landscape.

Digital Banking Licenses

The CBK is expected to grant additional digital banking licenses, paving the way for more neobanks in Kuwait.

This move is likely to increase competition within the banking sector, encouraging traditional banks to innovate and enhance their digital offerings.

Consolidation Trends

CBK-Regulated Entities are increasingly pursuing mergers and acquisitions (M&A) as a strategic response to the challenges of market saturation, limited organic growth opportunities, and rising competitive pressures, according to Fitch Ratings. High-profile consolidations, such as the potential merger between Boubyan Bank and Gulf Bank, and Kuwait Finance House’s merger with Ahli United Bank, are aimed at strengthening financial positions and diversifying business models.

Recent Political Reforms

Recent political reforms have had a notable impact on Kuwait’s banking sector:

• Suspension of Parliament: The temporary suspension of Parliament is expected to allow the government to pass long-overdue legislative and economic reforms, bypassing the persistent gridlock between the government and the National Assembly. This move, while reducing legislative oversight, may expedite reforms that influence the regulatory framework for banks and financial institutions.
• Consolidation of governmental authorities: As part of a broader trend to reduce costs and enhance efficiency, key governmental functions are being consolidated under the MOF. This streamlining effort, detailed in MOF letter REG_2024_23151, is aimed at improving decision-making and operational efficiency across government sectors, including financial regulation.
• Fiscal Reforms: Fiscal adjustments, driven by the need for budget cuts, may include the restructuring of state-owned enterprises such as Kuwait Petroleum Corporation (KPC). These reforms are likely to impact funding, investment strategies, and potentially the financial stability of the banking sector.
• Proposed debt law: The government is unable to raise public debt without the passage of a new debt law. The proposed law would allow the government to borrow funds to address budget deficits and finance development projects. If passed, the law is expected to have significant implications for liquidity, investment strategies, and the broader financial markets, potentially reshaping the banking sector’s role in public debt management.

Tax Developments Aligned with International Standards

• Kuwait’s commitment to international tax standards is evolving:
• Pillar Two Implementation: Kuwait has joined the OECD/G20 Inclusive Framework on Base Erosion and Profit Shifting (BEPS), committing to introduce a business profits tax (BPT) at a rate of 15%.
• GCC VAT framework: Adjustments may be considered that could impact financial services under the GCC VAT framework.
• Corporate income tax reforms: Kuwait’s current tax structure for corporate entities, including banks, includes a combination of contributions such as 1% Zakat, 1% to the Kuwait Foundation for the Advancement of Sciences (KFAS), and a 2.5% National Labor Support Tax (NLSAT). While these levies have long formed the basis of corporate contributions, various reforms are being considered as part of Kuwait’s alignment with international tax standards. There has been speculation about the introduction of a unified corporate income tax at a flat rate, potentially as high as 9%. Although no official announcement has been made, these discussions suggest a shift toward streamlining the tax system to replace the current layered approach with a single corporate income tax. At this stage, these changes remain unconfirmed, but any eventual reform would have significant implications for Kuwait’s business environment, particularly in sectors like banking and finance.